Description of problem: SELinux denied access requested by vif-bridge. It is not expected that this access is required by vif-bridge and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Create a new Virtual machine using Virtual Machine Manager 2. System Name: CentOS5 3. Virtualized Method:Paravirtualized 4. Install Media URL : /media/SCSI0_VOL1/Linux_Distros/CentOS-5.0-x86_64-bin-DVD.iso 5. Simple File (/home/tinh/xen/CentOS5)with Allocate entire disk now check (6GB) 6. Virtual Network (default) 7. VM Max Memory: 512MB, VM Startup Memory: 512 MB, VCPUs: 2 8. Actual results: Here is the error message I got from Virtual Machine Manager Unable to complete install '<class 'libvirt.libvirtError'> virDomainCreateLinux() failed POST operation failed: (xend.err 'Device 0 (vif) could not be connected. Hotplug scripts not working.') Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/create.py", line 681, in do_install dom = guest.start_install(False, meter = meter) File "/usr/lib/python2.5/site-packages/virtinst/Guest.py", line 649, in start_install return self._do_install(consolecb, meter) File "/usr/lib/python2.5/site-packages/virtinst/Guest.py", line 666, in _do_install self.domain = self.conn.createLinux(install_xml, 0) File "/usr/lib64/python2.5/site-packages/libvirt.py", line 480, in createLinux if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self) libvirtError: virDomainCreateLinux() failed POST operation failed: (xend.err 'Device 0 (vif) could not be connected. Hotplug scripts not working.') ' Expected results: Additional info: Source Context: system_u:system_r:udev_t:SystemLow-SystemHighTarget Context: system_u:object_r:xend_var_log_tTarget Objects: xen [ dir ]Affected RPM Packages: Policy RPM: selinux-policy-2.6.4-13.fc7Selinux Enabled: TruePolicy Type: targetedMLS Enabled: TrueEnforcing Mode: EnforcingPlugin Name: plugins.catchall_fileHost Name: localhost.localdomainPlatform: Linux localhost.localdomain 2.6.20-2925.9.fc7xen #1 SMP Tue May 22 09:29:36 EDT 2007 x86_64 x86_64Alert Count: 12First Seen: Thu 07 Jun 2007 04:07:05 PM ICTLast Seen: Thu 07 Jun 2007 04:30:26 PM ICTLocal ID: 739bc730-5bc8-493c-8252-29acce5d601cLine Numbers: Raw Audit Messages :avc: denied { write } for comm="vif-bridge" dev=dm-0 egid=0 euid=0 exe="/bin/bash" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="xen" pid=16233 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=dir tcontext=system_u:object_r:xend_var_log_t:s0 tty=(none) uid=0
Fixed in selinux-policy-2.6.4-14
Closing as fixes are in the current release